February 20, 2016 By Cindy Compert 3 min read

In Part I of this series, I discussed how data security and privacy best practices are similar to the children’s game “Treasure Hunt,” and I offered 10 tips for protecting your booty upon arrival at your tropical island. But what are you supposed to do before you even get there? Here are seven additional best practices on how to prepare.

1. Cash Is King

Before you set out on your journey, a visit to the king is in order to secure patronage. Have you identified your executive sponsor and associated budget? If not, you may find yourself lost at sea and unable to remain afloat.

2. Watch Your Ballast

Ballast is what provides stability for your ship. Too much and you risk sinking in rough seas. In data security, the equivalent of ballast is being weighed down by manual processes and tools that don’t meet your needs. Throw them overboard! Consider using automated methods to identify what’s important, such as data sources, files and databases.

3. Beware of Traitors

A traitor could derail your entire journey by giving up your position and sharing valuable information with pirates. No one wants to talk about rogue employees and the risk of insider threats. Nevertheless, we need to be thinking like pirates at all times and anticipating all possibilities. Activity monitoring is a good way to ensure that the crew doesn’t turn against you.

4. Avoid Mutiny

If you’ve ever seen “Mutiny on the Bounty,” you know what happens when a captain does not have the crew’s respect. Worse than a traitor, your very existence could be threatened.

Being a strong leader means being clear about your team’s roles and responsibilities with respect to data protection. Who administers the policies? What mechanisms do you have in place for approvals and escalations? Using a structured approach with built-in workflows means ensuring everyone signs off on exceptions.

5. Check the Weather Often

Back in the days of sail, both wind and weather made the difference between getting to your destination, going down with the ship or succumbing to illness and starvation. In data security and privacy, the weather is the prevailing regulatory environment.

With the EU-U.S. Privacy Shield potentially replacing Safe Harbor in addition to the new EU GDPR regulations taking effect in 2018, it’s critical to understand the changes on the horizon and to anticipate how those changes might impact your plans.

6. Always Be Prepared for Battle

Being prepared means having both detective and preventive measures in place. Do you have a lookout 24 hours a day? What if a ship approaches and the pirates try to board? In data security, you must observe all activity and have a plan in place to identify and then respond to unusual activity.

Sometimes those pirates are so tricky that they foil all our best defenses, such as blocking rogue SQL, alerting, etc. How do you detect unusual data access activity patterns? This is where machine learning comes in — applying cognitive computing techniques to identify that needle in the haystack.

7. One Man’s Trash Is Another Man’s Treasure

Be careful about how you dispose of your trash. If you drop it overboard, you will be leaving valuable clues for the pirates (in addition to being a polluter).

The same is true for removing old data. It needs to be disposed of in a manner that ensures it is no longer usable. Several recent breaches involved access to unneeded data that could have been either placed into a secure archive or disposed of entirely. Old data equals risk.

Learn more about securing the data that powers your business

More from Data Protection

Why safeguarding sensitive data is so crucial

4 min read - A data breach at virtual medical provider Confidant Health lays bare the vast difference between personally identifiable information (PII) on the one hand and sensitive data on the other.The story began when security researcher Jeremiah Fowler discovered an unsecured database containing 5.3 terabytes of exposed data linked to Confidant Health. The company provides addiction recovery help and mental health treatment in Connecticut, Florida, Texas and other states.The breach, first reported by WIRED, involved PII, such as patient names and addresses,…

Addressing growing concerns about cybersecurity in manufacturing

4 min read - Manufacturing has become increasingly reliant on modern technology, including industrial control systems (ICS), Internet of Things (IoT) devices and operational technology (OT). While these innovations boost productivity and streamline operations, they’ve vastly expanded the cyberattack surface.According to the 2024 IBM Cost of a Data Breach report, the average total cost of a data breach in the industrial sector was $5.56 million. This reflects an 18% increase for the sector compared to 2023.Apparently, the data being stored in industrial control systems is…

3 proven use cases for AI in preventative cybersecurity

3 min read - IBM’s Cost of a Data Breach Report 2024 highlights a ground-breaking finding: The application of AI-powered automation in prevention has saved organizations an average of $2.2 million.Enterprises have been using AI for years in detection, investigation and response. However, as attack surfaces expand, security leaders must adopt a more proactive stance.Here are three ways how AI is helping to make that possible:1. Attack surface management: Proactive defense with AIIncreased complexity and interconnectedness are a growing headache for security teams, and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today